|
Home > Archive > 70-218 > July 2003 > 70-218 Q of the Day Monday 7/28
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
70-218 Q of the Day Monday 7/28
|
|
| mrfixit 2003-07-28, 1:03 pm |
| Good response to Friday's QoD! Once again, I apologize for the typo. Here's todays question! 
You are the network administrator for your company. The network consists of a single Windows 2000 domain. All servers run Windows 2000 Server. All client computers run Windows 2000 Professional. Your manager reports that files located in shared folders on a server named Ruscorp are being deleted and must continually be restored from backup. You are asked to configure the local security policy on Ruscorp to find out who is deleting the files. You enable auditing on the affected files and folders for all users in the domain. Which auditing policy or security policy should you enable on Ruscorp?
A)Account Logon Events – Success audit policy
B)Object Access – Success audit policy
C)Privilege Use – Success audit policy
D)Process Tracking audit policy
E)Account Logon Events – Failed Security policy
See you tomorrow! | |
| ghaouf 2003-07-28, 1:28 pm |
| B)Object Access – Success audit policy | |
| cramersaunders 2003-07-28, 1:40 pm |
| B | |
| isles1 2003-07-28, 10:18 pm |
| B | |
| adam salam 2003-07-29, 7:54 am |
| seems to me the answer is:
B)Object Access – Success audit policy | |
| Tarzanboy 2003-07-29, 12:10 pm |
| F. The missing objects are merely renamed and this is typical behavior from Ruscorp thusly it can be safely ignored. 
Cheers,
TB | |
| mrfixit 2003-07-29, 1:05 pm |
| Got busy this morning! (Damn work! Always interrupting! )
quote:
Originally posted by mrfixit
You are the network administrator for your company. The network consists of a single Windows 2000 domain. All servers run Windows 2000 Server. All client computers run Windows 2000 Professional. Your manager reports that files located in shared folders on a server named Ruscorp are being deleted and must continually be restored from backup. You are asked to configure the local security policy on Ruscorp to find out who is deleting the files. You enable auditing on the affected files and folders for all users in the domain. Which auditing policy or security policy should you enable on Ruscorp?
B)Object Access – Success audit policy
Windows 2000 can keep very detailed records of the activity in the domain. Administrators can log the comings and goings of users, the access of objects, changes made in record keeping or security policy, etc. Organizations can put security architecture in place and use log files to look at abnormal activity. Object Access will enable auditing of access to objects (files, folders, and printers). You should audit for success since you want to find out who is successfully deleting files.
Sorry, no QoD today. Maybe tomorrow. (Work, work, work! ) |
|
|
|
|